Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce woocommerce vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-20891
WooCommerce prior to 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
Woocommerce Woocommerce
4.8
CVSSv3
CVE-2021-24323
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled
Woocommerce Woocommerce
4.3
CVSSv3
CVE-2022-0775
The WooCommerce WordPress plugin prior to 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
Woocommerce Woocommerce
4.8
CVSSv3
CVE-2023-32575
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.
Woocommerce Woocommerce
5.4
CVSSv3
CVE-2023-32746
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
Woocommerce Woocommerce Brands
6.1
CVSSv3
CVE-2021-24940
The Persian Woocommerce WordPress plugin up to and including 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
Woocommerce Persian-woocommerce
5.4
CVSSv3
CVE-2023-34004
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
Woocommerce Woocommerce Box Office
6.5
CVSSv3
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow malicious users to make logged in admins cancel arbitrary pre-orders via a CSRF attack
Woocommerce Woocommerce Pre-orders
6.5
CVSSv3
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow malicious users to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complet...
Woocommerce Woocommerce Pre-orders
6.1
CVSSv3
CVE-2021-24938
The WOOCS WordPress plugin prior to 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue
Woocommerce Woocommerce Currency Switcher
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »